Nobody asked, but here it is. A sample BGP and VRRP config. I tested this with a few MetaROUTER VM's and it all worked. Hopefully I don't have any typos. I implemented the config to mirror that shown in the picture from the thread on the Vyatta forum.
If you need assistance adapting this to your exact config let me know and I'll be happy to help. ### Router 1 ### /interface vrrp add interface=ether1 name=vrrp1 vrid=1 priority=254 authentication=ah password=somepass /ip address add interface=ether1 address=192.168.111.2/29 add interface=vrrp1 address=192.168.111.4/29 /routing bgp instance set default as=65001 router-id=192.168.111.2 /routing filter add chain=set-next-hop locally-originated-bgp=yes set-out-nexthop=192.168.111.4 add chain=set-next-hop locally-originated-bgp=yes action=accept add chain=set-next-hop action=reject comment="Deny any other routes" /routing bgp peer add instance=default name=upstream remote-address=192.168.111.1 remote-as=65000 update-source=192.168.111.2 nexthop-choice=propagate out-filter=set-next-hop /routing bgp network add network=192.168.110.0/24 synchronize=no ### Router 2 ### /interface vrrp add interface=ether1 name=vrrp1 vrid=1 priority=100 authentication=ah password=somepass /ip address add interface=ether1 address=192.168.111.3/29 add interface=vrrp1 address=192.168.111.4/29 /routing bgp instance set default as=65001 router-id=192.168.111.3 /routing filter add chain=set-next-hop locally-originated-bgp=yes set-out-nexthop=192.168.111.4 add chain=set-next-hop locally-originated-bgp=yes action=accept add chain=set-next-hop action=reject comment="Deny any other routes" /routing bgp peer add instance=default name=upstream remote-address=192.168.111.1 remote-as=65000 update-source=192.168.111.3 nexthop-choice=propagate out-filter=set-next-hop /routing bgp network add network=192.168.110.0/24 synchronize=no -- Blake Covarrubias On Nov 2, 2010, at 9:13 AM, Blake Covarrubias wrote: > For those interested in BGP and VRRP, take look at this thread from the > Vyatta forums. > > http://www.vyatta.org/forum/viewtopic.php?p=4213&sid=0b9f48079b1388c4fb722704ac6221ae > > Its not hitless, stateful failover, but this method will work and provides > probably the best failover you're going to see given the constraints of the > BGP protocol. You're still going to be subject to the same latency in your > failover scheme as Vyatta; VRRP, BGP, firewall sessions. > > As long as your provider will run dual BGP feeds to you from the same router > on their side you can create this setup. The config is relatively straight > forward. If anyone is interested in seeing this configured under MikroTik hit > me up off list and I'll come up with a sample config. > > -- > Blake Covarrubias > > On Nov 2, 2010, at 9:04 AM, Jeff Broadwick - Lists wrote: > >> Hi J.P. and others, >> >> I have a dog in this fight (I work for ImageStream), but this comment >> applies to just about any situation/hardware. >> >> Set up redundant routers using BGP and VRRP (HSRP in Cisco…although >> apparently they support VRRP also). If you can’t afford to be down, you >> need to find a way to get another router. If your upstreams are Ethernet, >> this is pretty simple, and not terribly expensive (depending on the hardware >> you choose). You can peer with different types/speeds of circuits. You’ll >> need to do some preliminary work to manage the flows so that you don’t kill >> the smaller feeds, but it’s very doable. >> >> Regards, >> >> Jeff Broadwick >> ImageStream >> 800-813-5123 x106 >> >> From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On >> Behalf Of jp >> Sent: Tuesday, November 02, 2010 11:35 AM >> To: fai...@snappydsl.net; WISPA General List >> Subject: Re: [WISPA] Full BGP on RouterOS >> >> We use MT BGP internally on our network; not full feeds. 1400 routes on >> one server. Works great for that; no reliability issues in every day >> operation. No problems with 12 month uptimes. I have seen some minor >> issues in 3.30 where if you remove a peer prior to disabling first, it >> can jam things up in terms of stale routes, but done in the right order >> it's fine. >> >> Once a month crash is not acceptable reliability for our uplink. Once in >> 6 months is OK if it's self-correcting. I've used Cisco for about ten >> years for my uplink with BGP, and it has been good as long as we didn't >> run out of memory or have a rare hardware problem. We kept a complete >> working spare system in place for parts and didn't have a Smartnet >> contract. I had a smartnet once for a smaller router, but it was so much >> trouble getting it and using it for just one router, I never renewed it. >> We have a Juniper j2350 with aftermarket ram now replacing a Cisco 7507. >> It's been as/more reliable than the Cisco and is 2u instead of >> dorm-fridge size, gigabit ports instead of 100mbps ports. Tech support >> was excellent. I'll be buying a spare or bigger one for backup. >> >> I have not tried Imagestream, but don't doubt the wide variety of >> other's praise. >> >> As networks get bigger and thus more complex, it's essential to avoid >> unreliable situations, no matter what the cost savings. Say you have 60 >> devices and each one has a once-a-month breakage. That's 2 outages a >> day, enough to drive staff and customers crazy. Reduce that to twice a >> year outage per device and that staffer can get something done again. >> >> >> On Tue, Nov 02, 2010 at 10:43:43AM -0400, Faisal Imtiaz wrote: >>> This is exactly what I am concerned with..... >>> Things breaking once in a while is not an issue.. >>> Things breaking once every month or few weeks is not going to be >>> acceptable from our users.. >>> >>> Trying to determine if this is a 'feature' or a short term 'bug'. >>> >>> Cisco's and Junipers, get a premium even in the used market place, but >>> the primary reason for it is stability... >>> >>> Any other that can chime in with their experiences ? >>> >>> Many thanks in advance. >>> >>> >>> >>> Faisal Imtiaz >>> Snappy Internet & Telecom >>> >>> >>> On 11/2/2010 10:32 AM, Chuck Hogg wrote: >>>> Our MikroTik BGP router keeps crashing about once every month or >>>> so...sometimes sooner, sometimes later. We are using full BGP tables >>>> and 4.11 currently. >>>> >>>> Regards, >>>> >>>> Chuck >>>> >>>> >>>> >>>> On Tue, Nov 2, 2010 at 10:23 AM, Brad Belton<b...@belwave.com> wrote: >>>>> We've been running BGP with MikroTik for quite some time now. It hasn't >>>>> been flawless by any stretch, but ever since late v2.8 or early v2.9 we >>>>> haven't had much trouble with it. We running v3.30 on two routers with >>>>> two >>>>> full feeds each and a third running v4.11 with two full feeds. All of >>>>> these >>>>> routers have a handful of downstream BGP peers that we are also delivering >>>>> full tables to. >>>>> >>>>> So far I think v4.11 might be the best, but we don't have as much time on >>>>> that version as we do with v3.30. The only reason we moved one of our >>>>> routers from v3.30 to v4.11 was because we had an unusual hang with that >>>>> particular router. We weren't sure if it was hardware or OS related, >>>>> however moving it to v4.11 seems to have resolved the problem. (knock on >>>>> wood) >>>>> >>>>> Bottom line is given the price of a beefy MikroTik router vs. buying an >>>>> Imagestream or Cisco that is equivalent we can have hot standby spares on >>>>> hand and still be thousands if not tens of thousands of dollars ahead. >>>>> That >>>>> coupled with building a network that isn't solely dependent on any single >>>>> point of failure further reduces the crisis when a core router fails. >>>>> >>>>> Things break...doesn't matter if MikroTik, ImageStream, Cisco or Juniper >>>>> makes it. ALL things break eventually, so plan for it! >>>>> >>>>> Best, >>>>> >>>>> >>>>> Brad >>>>> >>>>> >>>>> >>>>> >>>>> -----Original Message----- >>>>> From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On >>>>> Behalf Of Faisal Imtiaz >>>>> Sent: Tuesday, November 02, 2010 9:11 AM >>>>> To: n...@brevardwireless.com; WISPA General List >>>>> Subject: Re: [WISPA] Full BGP on RouterOS >>>>> >>>>> Hi Nick, >>>>> >>>>> How stable has the Mikrotik been running full BGP with the two providers ? >>>>> >>>>> (I read about a memory leak issues, is that why you are using 5.0rc1 ?) We >>>>> have been considering getting a Mikrotik for such use. >>>>> >>>>> Thanks. >>>>> >>>>> Faisal Imtiaz >>>>> Snappy Internet& Telecom >>>>> >>>>> On 11/2/2010 9:21 AM, Nick Olsen wrote: >>>>>> We have two full tables running on mikrotik, in two different locations. >>>>>> >>>>>> Running that command >>>>>> /ip route print count-only where bgp-as-path="1234" >>>>>> Replacing the AS with "33363" (local cable company). >>>>>> Doesn't work on either of our routers for some reason (MT 5.0rc1 or 4.4). >>>>>> >>>>>> Our router running a core 2 2.93ghz can take two full feeds gets all >>>>>> the routes in about 4 seconds, And cpu load is idle about 13 seconds >>>>> later. >>>>>> However making changes with routing filters take anywhere from >>>>>> 10seconds to 2 minutes depending on what its doing. >>>>>> >>>>>> >>>>>> Nick Olsen >>>>>> Network Operations >>>>>> (855) FLSPEED x106 >>>>>> >>>>>> >>>>>> >>>>>> ---------------------------------------------------------------------- >>>>>> -- >>>>>> *From*: "Kristian Hoffmann"<kh...@fire2wire.com> >>>>>> *Sent*: Friday, October 29, 2010 11:50 AM >>>>>> *To*: "WISPA General List"<wireless@wispa.org> >>>>>> *Subject*: [WISPA] Full BGP on RouterOS >>>>>> >>>>>> Hi, >>>>>> >>>>>> Does anyone have 1-2 full BGP routing tables on a MikroTik router? If >>>>>> so, what kind of hardware are you running. I'm testing a single feed >>>>>> on a P3 800. It loads the routes fine, and seems to handle the routes >>>>>> in stride (all 328659 of them), until you start poking at the routing >>>>>> table like... >>>>>> >>>>>> /ip route print count-only where bgp-as-path="1234" >>>>>> >>>>>> An AS that yielded 500 routes took 1-2 minutes at 100% CPU to complete. >>>>>> Is this "normal" these days, or is significantly greater hardware in >>>>>> order? I used to have a full feed on a Cisco 3640. It took 5-10 >>>>>> minutes to load all of the routes after a reload, and it was almost >>>>>> impossible to log in, high packet loss, etc. during that time. >>>>>> >>>>>> So, should it take 10 seconds on real hardware, or is this type of >>>>>> query always slow? >>>>>> >>>>>> Thanks, >>>>>> >>>>>> -- >>>>>> Kristian Hoffmann >>>>>> System Administrator >>>>>> kh...@fire2wire.com >>>>>> http://www.fire2wire.com >>>>>> >>>>>> Office - 209-543-1800 | Fax - 209-545-1469 | Toll Free - 800-905-FIRE >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> ---------------------------------------------------------------------- >>>>>> ---------- >>>>>> WISPA Wants You! Join today! >>>>>> http://signup.wispa.org/ >>>>>> ---------------------------------------------------------------------- >>>>>> ---------- >>>>>> >>>>>> WISPA Wireless List: wireless@wispa.org >>>>>> >>>>>> Subscribe/Unsubscribe: >>>>>> http://lists.wispa.org/mailman/listinfo/wireless >>>>>> >>>>>> Archives: http://lists.wispa.org/pipermail/wireless/ >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> ---------------------------------------------------------------------- >>>>>> ---------- >>>>>> WISPA Wants You! Join today! >>>>>> http://signup.wispa.org/ >>>>>> ---------------------------------------------------------------------- >>>>>> ---------- >>>>>> >>>>>> WISPA Wireless List: wireless@wispa.org >>>>>> >>>>>> Subscribe/Unsubscribe: >>>>>> http://lists.wispa.org/mailman/listinfo/wireless >>>>>> >>>>>> Archives: http://lists.wispa.org/pipermail/wireless/ >>>>> >>>>> >>>>> ---------------------------------------------------------------------------- >>>>> ---- >>>>> WISPA Wants You! Join today! >>>>> http://signup.wispa.org/ >>>>> ---------------------------------------------------------------------------- >>>>> ---- >>>>> >>>>> WISPA Wireless List: wireless@wispa.org >>>>> >>>>> Subscribe/Unsubscribe: >>>>> http://lists.wispa.org/mailman/listinfo/wireless >>>>> >>>>> Archives: http://lists.wispa.org/pipermail/wireless/ >>>>> >>>>> >>>>> >>>>> -------------------------------------------------------------------------------- >>>>> WISPA Wants You! Join today! >>>>> http://signup.wispa.org/ >>>>> -------------------------------------------------------------------------------- >>>>> >>>>> WISPA Wireless List: wireless@wispa.org >>>>> >>>>> Subscribe/Unsubscribe: >>>>> http://lists.wispa.org/mailman/listinfo/wireless >>>>> >>>>> Archives: http://lists.wispa.org/pipermail/wireless/ >>>>> >>>> >>>> >>>> -------------------------------------------------------------------------------- >>>> WISPA Wants You! Join today! >>>> http://signup.wispa.org/ >>>> -------------------------------------------------------------------------------- >>>> >>>> WISPA Wireless List: wireless@wispa.org >>>> >>>> Subscribe/Unsubscribe: >>>> http://lists.wispa.org/mailman/listinfo/wireless >>>> >>>> Archives: http://lists.wispa.org/pipermail/wireless/ >>>> >>> >>> >>> -------------------------------------------------------------------------------- >>> WISPA Wants You! Join today! >>> http://signup.wispa.org/ >>> -------------------------------------------------------------------------------- >>> >>> WISPA Wireless List: wireless@wispa.org >>> >>> Subscribe/Unsubscribe: >>> http://lists.wispa.org/mailman/listinfo/wireless >>> >>> Archives: http://lists.wispa.org/pipermail/wireless/ >> >> -- >> /* >> Jason Philbrook | Midcoast Internet Solutions - Wireless and DSL >> KB1IOJ | Broadband Internet Access, Dialup, and Hosting >> http://f64.nu/ | for Midcoast Maine http://www.midcoast.com/ >> */ >> >> >> -------------------------------------------------------------------------------- >> WISPA Wants You! Join today! >> http://signup.wispa.org/ >> -------------------------------------------------------------------------------- >> >> WISPA Wireless List: wireless@wispa.org >> >> Subscribe/Unsubscribe: >> http://lists.wispa.org/mailman/listinfo/wireless >> >> Archives: http://lists.wispa.org/pipermail/wireless/ >> >> No virus found in this message. >> Checked by AVG - www.avg.com >> Version: 10.0.1153 / Virus Database: 424/3233 - Release Date: 11/02/10 >> >> >> >> -------------------------------------------------------------------------------- >> WISPA Wants You! Join today! >> http://signup.wispa.org/ >> -------------------------------------------------------------------------------- >> >> WISPA Wireless List: wireless@wispa.org >> >> Subscribe/Unsubscribe: >> http://lists.wispa.org/mailman/listinfo/wireless >> >> Archives: http://lists.wispa.org/pipermail/wireless/ > > > > -------------------------------------------------------------------------------- > WISPA Wants You! Join today! > http://signup.wispa.org/ > -------------------------------------------------------------------------------- > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ -------------------------------------------------------------------------------- WISPA Wants You! Join today! http://signup.wispa.org/ -------------------------------------------------------------------------------- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
